0108 | Process Management
Process Management
Process Information
ps
;top
- report a snapshot of the current processes |
ps
ps
-- (default)
- print current running processes
- only processes for the current user and from the current terminal
- examples |
ps
# -S: disable word wrap -- all users -- bsd syntax
ps ax | less -S
# unix format --
ps -e | less -S
# most commonly used -- bsd
ps aux | less -S
# most commonly used -- unix
ps -ef | less -S
# all processes running as root in user format
ps -U root -u root u | less -S
note
If you have read "The Cuckoo's Egg" by Cliff Stoll, it was the command
ps -eafg
that the hacker executed that served as one of the first indicators that the adversary was more familiar with "AT&T Unix" than "Berkeley Unix", since the
-f
flag, which would list each process's files, is not found on "Berkeley Unix", which does the same by default. Same options today (on ps version procps-ng 3.3.17):
-e
| Select all processes
-a
| Select all processes except both session leaders and processes not associated with a terminal
-f
| OUTPUT FORMAT CONTROL - to choose the information displayed by ps
- Do full-format listing. This option can be combined with many other UNIX-style options to add additional columns. It also causes the command arguments to be printed.
-g
| Really all, even session leaders. This flag is obsolete and may be discontinued in a future release. It is normally implied by the a flag, and is only useful when operating in the sunos4 personality.
tip
It's a fascinating read; I wholeheartedly encourage you to read it if you haven't already. :)
- Title: THE CUCKOO'S EGG - Tracking a Spy through the maze of computer espionage
- Author: Cliff Stoll
- explanation | Column names
UID
| user id of the process
- the process has the same privileges as the user running it
PID
| process id
- unique
PPID
| parent process id
- the pid of the parent process that created this process
C
| processor utilisation percentage
STIME
| start time of the process
TTY
| indicates the terminal used to control the process
- ? --> no associated terminal
- normal for system processes running in the background
TIME
| the amount of cpu time the process has used
CMD
| the command that has started the process
- hierarchical view |
ps
ps -eH | less -S
- hierarchical view |
pstree
pstree | less -S
- display Linux processes |
top
- default -- updated every 3 sec --> use "d" to change it
- default -- ordered by cpu usage
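The PPID column is what `ps -eH` and `pstree` use to draw the hierarchy; when reviewing an unfamiliar process it is often quicker to walk that chain for one PID. The following is an added example, not part of the original notes: `ancestry` is a hypothetical helper name and `SAMPLE_PS` is constructed `ps -ef` output.

```sh
#!/bin/sh
# Added example: walk the PPID chain of one process in "ps -ef" output.
# ancestry is a hypothetical helper; SAMPLE_PS below is constructed input.

# ancestry PID  (reads "ps -ef"-style text on stdin)
# Prints "PID UID TTY CMD" for the process and each of its ancestors.
ancestry() {
    awk -v pid="$1" '
        NR > 1 {                      # skip the header line
            user[$2] = $1             # column 1: UID
            ppid[$2] = $3             # column 3: PPID, keyed by PID (column 2)
            tty[$2]  = $6             # column 6: TTY ("?" = no terminal)
            cmd[$2]  = $8             # column 8 onwards: CMD with arguments
            for (i = 9; i <= NF; i++) cmd[$2] = cmd[$2] " " $i
        }
        END {
            # follow PPID links until the parent is not listed (PPID 0)
            while ((pid in ppid) && !(pid in seen)) {
                seen[pid] = 1         # guard against loops in malformed input
                printf "%s %s %s %s\n", pid, user[pid], tty[pid], cmd[pid]
                pid = ppid[pid]
            }
        }'
}

# Constructed sample: a cron job and its parents, all without a terminal.
SAMPLE_PS='UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 09:00 ?        00:00:01 /sbin/init
root         812       1  0 09:00 ?        00:00:00 /usr/sbin/cron -f
root        2040     812  0 10:05 ?        00:00:00 /usr/sbin/CRON -f
bob         2041    2040  0 10:05 ?        00:00:00 /bin/sh -c touch /home/bob/cron/crontab-ran.txt
bob         3100    3050  0 10:07 pts/0    00:00:00 ps -ef'

printf '%s\n' "$SAMPLE_PS" | ancestry 2041
```

On a live system the same function can be fed directly, for example with `ps -ef | ancestry $$` for the current shell.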
Foreground and Background Processes
&
;bg
;fg
- every command is running as a foreground process as default
- start process in the background
<command> &
- move: foreground --> background
- use
[ctrl+z]
- suspends the process
- will pause the process --> process will stop
- list suspended jobs
jobs
- move: suspended --> background
bg
- will start the suspended process again
- move: background --> foreground
fg
- if multiple backgrounded
+ --> next foregrounded with fg
- --> will not
- select foregrounded process
- if multiple in background
fg 3
- or in kali
fg %xclock
Managing Processes
kill
;pkill
;sleep
- process states
- cpu executing a process --> running
- [ctrl+z] --> stopping a process (stop signal is sent)
- waiting for a resource --> sleeping state
- zombie processes
- the remains of the processes that were not properly cleaned up when they died
- signals --
kill -l
- 1 | SIGHUP | hang up
- signal to a process to reread its configuration
- resetting a process without restarting it
- 9 | SIGKILL | shutdown signal
- processes can NOT ignore this signal
- no chance for processes to clean up after themselves
- 15 | SIGTERM | default signal that will be sent with
kill
- polite request to the process to shut down
- gives the process the chance to clean up (temp files...)
- processes can ignore this signal
- 19 | SIGSTOP |
[ctrl+z]
| stop a foreground process
- send a signal to a process |
kill
# default kill -- sigterm -- 15
xeyes &
ps -ef | grep xeyes
# kill <pid>
kill 86723
# use sigkill -- 9
xeyes &
ps -ef | grep xeyes
kill -9 87390
- send the specified signal (by default SIGTERM) to each process instead of listing them on stdout |
pkill
- killing processes by name not pid
- if multiple processes with same name -- all of them will be killed
- example
xeyes &
xeyes &
pkill xeyes
# both will be killed
- pauses execution in the shell for the specified time |
sleep
sleep 5
-- to sleep for 5 sec
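The difference between signal 15 and signal 9 described above can be observed directly: a process can install a handler for SIGTERM and clean up, while SIGKILL never reaches the handler. This is an added example, not part of the original notes; `WORKER` and `leftover_after` are hypothetical names and the worker is a constructed stand-in for a real daemon.

```sh
#!/bin/sh
# Added example: what "chance to clean up" means for SIGTERM (15) vs SIGKILL (9).
# WORKER and leftover_after are hypothetical names used only for this demo.

# The worker owns a temp file and installs a SIGTERM handler that removes it.
WORKER='
trap "rm -f \"$1\"; exit 0" TERM      # handler runs on signal 15 only
: > "$1"                               # create the temp file
while :; do sleep 1 & wait $!; done    # wait returns as soon as a signal arrives
'

# leftover_after SIGNUM
# Starts a worker, sends it the signal, and prints "cleaned" if the temp file
# was removed by the handler or "leftover" if it was left behind.
leftover_after() (
    dir=$(mktemp -d) || exit 1
    f=$dir/worker.tmp
    sh -c "$WORKER" worker "$f" >/dev/null 2>&1 &
    pid=$!
    # the file is created after the trap is set, so its existence
    # means the handler is already installed
    while [ ! -e "$f" ]; do sleep 1; done
    kill -"$1" "$pid"
    wait "$pid" 2>/dev/null || true    # reap the worker (status 137 after -9)
    if [ -e "$f" ]; then echo leftover; else echo cleaned; fi
    rm -rf "$dir"
)

echo "kill -15: temp file $(leftover_after 15)"
echo "kill -9:  temp file $(leftover_after 9)"
```

Stale lock and temp files left behind after `kill -9` are a common reason a service refuses to restart, which is why signal 15 is tried first.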
Scheduling Processes with Crontab and Init.d
- daemon to execute scheduled commands (Vixie Cron) |
cron
- system wide crontab file
- "/etc/crontab"
- intended for maintenance of the entire system
anacron
| anachronistic cron
- for systems not running non-stop
- list daily jobs
ll /etc/cron.daily
- adding a custom cron job |
crontab -e
- fields
- m -- minutes -- (0-59)
- h -- hours -- 0-23
- dom -- day of the month -- 1-31
- mon -- month -- 1-12
- dow -- day of the week -- (sunday)0-6(saturday)
- command -- command to run
- examples -- update the timestamp of a file
- 1:05 in the morning; second day of each month
5 1 2 * * touch /home/bob/cron/crontab-ran.txt
- if 1:05 and 13:05
5 1,13 2 * * touch /home/bob/cron/crontab-ran.txt
- every five minutes
*/5 * * * * touch /home/bob/cron/crontab-ran.txt
- check if added correctly
crontab -l
- remove a custom cron job
crontab -r
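When reviewing a crontab, or checking whether a process start time seen in `ps` lines up with a scheduled job, it helps to evaluate the five time fields against a concrete time. This is an added example, not part of the original notes: `field_matches` and `cron_fires` are hypothetical helper names, and only numeric fields in the forms `*`, `*/step`, `a,b` and `a-b` are handled.

```sh
#!/bin/sh
# Added example: does a crontab line fire at a given minute/hour/day?
# field_matches and cron_fires are hypothetical helper names.

# field_matches FIELD VALUE: succeeds if VALUE is selected by one time field.
field_matches() (
    set -f                                  # do not glob-expand "*"
    IFS=,                                   # split lists such as "1,13"
    value=${2#0}; value=${value:-0}         # "05" -> 5, avoids octal parsing
    for part in $1; do
        case $part in
            \*)   exit 0 ;;
            \*/*) [ $((value % ${part#*/})) -eq 0 ] && exit 0 ;;
            *-*)  [ "$value" -ge "${part%-*}" ] &&
                  [ "$value" -le "${part#*-}" ] && exit 0 ;;
            *)    [ "$value" -eq "$part" ] && exit 0 ;;
        esac
    done
    exit 1
)

# cron_fires "CRONTAB LINE" MIN HOUR DOM MON DOW
cron_fires() (
    read -r m h dom mon dow cmd <<EOF
$1
EOF
    field_matches "$m" "$2" && field_matches "$h" "$3" &&
        field_matches "$mon" "$5" || exit 1
    if [ "$dom" = "*" ] || [ "$dow" = "*" ]; then
        field_matches "$dom" "$4" && field_matches "$dow" "$6"
    else
        # both day fields restricted: cron runs the job when EITHER matches
        field_matches "$dom" "$4" || field_matches "$dow" "$6"
    fi
)

# The three entries from the notes, checked against 13:05 on the 2nd (a Sunday).
while read -r line; do
    cron_fires "$line" 5 13 2 6 0 && echo "fires:  $line" || echo "silent: $line"
done <<'EOF'
5 1 2 * * touch /home/bob/cron/crontab-ran.txt
5 1,13 2 * * touch /home/bob/cron/crontab-ran.txt
*/5 * * * * touch /home/bob/cron/crontab-ran.txt
EOF
```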
init.d
| "/etc/init.d/"
- for running tasks when the system boots
- adding a custom script to "/etc/init.d/"
- different run levels
ls -d /etc/rc*.d
- for desktop system
- we usually use run level 5
- servers usually boot with run level 3
- without the graphical login as level 5
- when debugging/fixing the system
- run level 1
- looking at run level 5
cd /etc/rc5.d/ && ls -l
- all the files are soft links to "/etc/init.d/"
- all start with
K
or
S
K
| when the service is going to be stopped
S
| the script should be run when the service is started
- after the
S/K
is a number
- tells the system in which order the services should be started
- all 01 --> no preferred order